General

  • Target

    5de1c7ab2a83edc8ae757ba8d7f62adb.exe

  • Size

    1.4MB

  • Sample

    210119-7a7naz3r8j

  • MD5

    5de1c7ab2a83edc8ae757ba8d7f62adb

  • SHA1

    30d1ff434b659916eaf8c37fea1190b91aa650ce

  • SHA256

    e7b1ad88e518117bed32f9ff14ae294d579826cee660c49cb58d48d59133a523

  • SHA512

    a82c885923d028381148e21f673a38399fe8ca1072049e114088e02bedc3b8e17ba16dcc053f793ce7c01bdc305580236ec7f4249d2dd8279f46f3117be72982

Score: 10/10

Malware Config (extracted)

  • Family

    remcos

  • C2

    grtwyagvbxnzmklopmdhsyuwaszxbyhredsnmko.ydns.eu:2006

Targets

    • Remcos

      Remcos is a closed-source remote control and surveillance software.

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic           Technique                             ID      Count
  Persistence      Registry Run Keys / Startup Folder    T1060   1
  Defense Evasion  Modify Registry                       T1112   1
  Discovery        System Information Discovery          T1082   1
